
V-279093

CAT I (High)

ColdFusion must configure Lightweight Directory Access Protocol (LDAP) for Transport Layer Security (TLS).

Rule ID: SV-279093r1171053_rule

STIG: Adobe ColdFusion Security Technical Implementation Guide

Version: V1R1

CCIs: CCI-002418

Discussion

LDAP is commonly used for accessing and maintaining distributed directory information services. When LDAP authentication is performed without encryption, sensitive information such as usernames and passwords can be transmitted in clear text, making it vulnerable to interception and unauthorized access. When TLS is used to secure LDAP authentication, the data transmitted between the client and the LDAP server is encrypted, ensuring the confidentiality and integrity of the authentication process. This practice helps protect against eavesdropping, man-in-the-middle attacks, and other security threats, thereby enhancing the overall security of the ColdFusion server and the applications it hosts. Regularly verifying and enforcing the use of TLS for LDAP authentication is essential for maintaining a secure server environment.

Check Content

Verify LDAP is configured for TLS.

1. From the Admin Console Landing Screen, navigate to Security >> Administrator.

2. Click "Edit LDAP Configuration".

If "SSL/TLS" is not enabled, this is a finding.

Fix Text

Configure LDAP for TLS.

1. From the Admin Console Landing Screen, navigate to Security >> Administrator.

2. Click "Edit LDAP Configuration".

3. Enable the "SSL/TLS" setting.

4. Select "Save".

5. Select "Submit Changes".